Install and configure flow-capture
To capture NetFlow traffic, I used flow-capture. On Ubuntu, you can install it with apt:
apt-get install flow-capture
Once flow-capture is installed, you can configure the flow-capture.conf file:
vim /etc/flow-tools/flow-capture.conf
# Example 1:
# Capture flows from router at 10.1.1.10, listening at port 3000.
# Store flows in /var/netflow/flows/myrouter.
-w /var/netflow/flows/myrouter 0/10.1.1.10/3000
Create the dedicated directory where the flows will be stored:
mkdir -p /var/netflow/flows/myrouter
Configure a Router in order to export netflow
This configuration differs for each vendor. For example, I configured a NetFlow export on a Cisco 4500:
flow record R1
match ipv4 protocol
match ipv4 source address
match ipv4 destination address
match transport source-port
match transport destination-port
collect counter bytes
!
flow exporter CACTI
destination 10.10.10.10
! flow-capture is only v5 capable
export-protocol netflow-v5
!
flow monitor M1
exporter CACTI
cache entries 1000
record R1
!
interface Port-channel1
ip flow monitor M1 input
Install and configure flowview on Cacti
Download the flowview plugin (http://docs.cacti.net/plugin:flowview) and untar it in: /usr/share/cacti/site/plugins
Go to the Cacti console
Configuration>Plugin Management
And enable Flowview
Configure the path in order to read the netflow file created by flow-capture:
Go to the Cacti console
Configuration>Settings>Misc
Under Flows directory, specify your folder (for example /var/netflow/flows/)